possible new exploit ?

Discussion in 'Wii - Hacking' started by thmailla, Apr 7, 2009.

  1. thmailla
    OP

    Newcomer thmailla Member

    Joined:
    Mar 31, 2009
    Messages:
    22
    Country:
    France
    Hello,

    My Wii is on 3.1E firmware with cIOS rev 9 by Waninkoko the GREAT.
    All apps made by him work fine.
    I've got USB Loader 1.1, Backup Launcher Gamma 0.3, Softchip Loader R89, GC Backup Launcher 0.2, Homebrew Channel 1.01, WAD Installer 1.3, etc. etc... and I'm happy.
    I've got a YAOSM 3.2 modchip.

    But Nintendo, with update 4.0, blocked the Twilight Hack.

    So, is it possible to find an exploit in:

    1 - WiiWare games?
    2 - GameCube games?
    3 - VC games?
    4 - Official Nintendo Backup Disc 1.31?
    5 - Wii System Menu update disc? (semi-brick rescue disc)
    6 - System Menu 4.0 with SD card access?
    [Edit] 7 - Maintenance Mode?
    8 - Wiibrickblocker process? (is it possible to use its patch mode to launch an update or downgrade?)

    I know my questions are basic, but Waninkoko, Marcan, Wiigator and others could explain to us the reasons why it is or isn't possible.

    PS : My English isn't very good sorry

    Thanks
     
  2. pika9323

    Member pika9323 GBAtemp Fan

    Joined:
    Nov 23, 2008
    Messages:
    408
    Country:
    Germany
    I would say:
    All is possible.

    to:
    Official Nintendo Backup Disc 1.31 -> no, IOS16 is patched, and if you change the disc -> Trucha signed, and this doesn't work
    GameCube games -> No. The Wii goes into GC mode and doesn't have full access over the Wii
    Wii System Menu update disc -> wtf?
     
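The "Trucha signed" point in the reply above, as an added example that is not code from this thread or from any Wii tool: a Python model of the signature-check flaw that "Trucha signing" exploits, beside the corrected check that a patched IOS performs. Everything in it is constructed for illustration: the 256-byte signature block, the sample content bytes and the 4-byte nonce field are assumptions, and the RSA decryption is replaced by a stand-in that keeps only the property that an all-zero signature decrypts to an all-zero block.

```python
"""Model of the "Trucha bug", the signature-check flaw behind "Trucha signed".

Constructed illustration, not Nintendo's IOS code. It keeps one property of
the real scheme: the RSA signature decrypts to a block whose last 20 bytes
should equal the SHA-1 of the signed content. Early IOS versions compared the
two hashes with C strncmp(), which stops at the first NUL byte, so a content
hash starting with 0x00 matched the all-zero block produced by an all-zero
signature (0**e mod n == 0) after comparing zero bytes.
"""
import hashlib
import hmac

HASH_LEN = 20
SIG_LEN = 256              # RSA-2048 block size; only the size is assumed here
ZERO_SIG = bytes(SIG_LEN)  # the forger's "signature"


def recover_block(sig: bytes) -> bytes:
    """Stand-in for RSA decryption of the signature.

    The real check computes pow(sig, e, n) and reads the hash from the padded
    result. The only property this model needs is that a zero signature gives
    a zero block, so the modular step is omitted (assumption) and the block
    is the signature bytes themselves.
    """
    return sig


def sign_genuine(content: bytes) -> bytes:
    """What a legitimate signature decrypts to in this model: padding + SHA-1.

    Only the key holder could produce the real RSA value; for the genuine-disc
    case it is simply constructed here.
    """
    return bytes(SIG_LEN - HASH_LEN) + hashlib.sha1(content).digest()


def c_strncmp_equal(a: bytes, b: bytes, n: int) -> bool:
    """Emulate strncmp(a, b, n) == 0: stop at n bytes or at a shared NUL."""
    for i in range(n):
        ca = a[i] if i < len(a) else 0
        cb = b[i] if i < len(b) else 0
        if ca != cb:
            return False
        if ca == 0:  # C string ended; the remaining bytes are never examined
            return True
    return True


def verify_vulnerable(content: bytes, sig: bytes) -> bool:
    """Pre-fix IOS behaviour: the two hashes are compared with strncmp()."""
    expected = recover_block(sig)[-HASH_LEN:]
    computed = hashlib.sha1(content).digest()
    return c_strncmp_equal(expected, computed, HASH_LEN)


def verify_fixed(content: bytes, sig: bytes) -> bool:
    """Patched behaviour: all 20 bytes compared, in constant time."""
    expected = recover_block(sig)[-HASH_LEN:]
    computed = hashlib.sha1(content).digest()
    return hmac.compare_digest(expected, computed)


def trucha_forge(content: bytes, max_tries: int = 1 << 20) -> bytes:
    """Vary an unused trailing field until SHA-1(content) starts with 0x00
    (about 256 tries on average). The real tools tweaked spare padding bytes
    in the TMD/ticket the same way; the 4-byte nonce field is an assumption.
    """
    for nonce in range(max_tries):
        candidate = content + nonce.to_bytes(4, "big")
        if hashlib.sha1(candidate).digest()[0] == 0:
            return candidate
    raise RuntimeError("no suitable nonce found")


if __name__ == "__main__":
    # Constructed sample inputs, not real title metadata.
    genuine = b"constructed TMD: title 00010000-WIIE, version 3"
    forged = trucha_forge(b"constructed TMD: title 00010000-WIIE, version 99")
    print("genuine sig, old IOS:", verify_vulnerable(genuine, sign_genuine(genuine)))
    print("genuine sig, fixed IOS:", verify_fixed(genuine, sign_genuine(genuine)))
    print("zero sig on forged content, old IOS:", verify_vulnerable(forged, ZERO_SIG))
    print("zero sig on forged content, fixed IOS:", verify_fixed(forged, ZERO_SIG))
```

Run as a script it shows the genuine signature passing both checks, and the zero signature on brute-forced content passing only the strncmp() version. That is why a Trucha-signed disc or WAD works on an IOS that still has the bug and fails on one where Nintendo fixed the comparison.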
  3. gitkua

    Member gitkua GBAtemp Regular

    Joined:
    Jul 27, 2006
    Messages:
    257
    Country:
    Netherlands
    yes that's possible. weird question
     
  4. MertenNor

    Member MertenNor GBAtemp Regular

    Joined:
    Feb 14, 2009
    Messages:
    172
    Country:
    Norway
  5. thmailla
    OP

    Newcomer thmailla Member

    Joined:
    Mar 31, 2009
    Messages:
    22
    Country:
    France
    Does anybody have info about comex's new exploit?

    What is the Wii boot process chart?
     
  6. thmailla
    OP

    Newcomer thmailla Member

    Joined:
    Mar 31, 2009
    Messages:
    22
    Country:
    France
    MertenNor, what is this video??
     
  7. spiritofcat

    Member spiritofcat GBAtemp Advanced Fan

    Joined:
    Dec 20, 2007
    Messages:
    577
    Country:
    Australia
    What exactly does that video show?
    There's a guy with 4.0 and the Homebrew Channel installed.
    He shows us a channel that has the Zelda VC banner, and launches the HBC installer splash screen.
    That could easily be just a DOL forwarder channel with the Zelda VC banner on it. There's no proof that it's the real Zelda VC channel, modified or otherwise.

    And the guy says you need to have the modified channel already installed for this to work.
    Seems entirely pointless to me.
     
  8. pspmte

    Member pspmte GBAtemp Regular

    Joined:
    Oct 23, 2008
    Messages:
    243
    Country:
    United Kingdom
    WWE 2008 :-)
     
  9. wqu

    Newcomer wqu Member

    Joined:
    Nov 26, 2008
    Messages:
    10
    Country:
    United States
    I think the video has nothing to do with a new exploit. That guy in the video just wanted to play a "modified" VC game from the SD card, and I think it can be easily solved by simply patching IOS60.
     
  10. FAST6191

    Reporter FAST6191 Techromancer

    Joined:
    Nov 21, 2005
    Messages:
    21,697
    Country:
    United Kingdom
    Basic theory: if you have an exploit, you want it to be hard to patch. The Twilight Hack blocking is but an end run around the hack (they check the save for the hack, although they borked the check hard in the first few attempts; they do not fix the hack).
    Know that whenever I mention signing: it was pure luck that Nintendo messed up the implementation; without it we would probably be where the 360 is now, save for GC homebrew, and unless someone finds a method to factor large numbers, donates some seriously powerful computing capabilities, or manages some social-engineering-type attack, we have little chance of breaking the signing.

    1 - WiiWare games?
    Entirely possible; they can however easily be updated, and you have to pay for them (renting or hitting up a friend is easy enough for a disc).

    2 - GameCube games?
    In crude terms the GameCube games run in a hypervisor mode using MIOS, which keeps it fairly locked down; admittedly not all that much work has been done upon it, but I doubt there is a good exploit in there. Also this was the basis for the tweezer attack (now fixed, but as they said it only needed to be done once).
    Not to mention we already have GC homebrew running, and have done for longer than we have had modchips for.

    3 - VC games?
    This one would be harder, as VC games are usually just emulators and so we would need to find a bug in the emulation code rather than in code built from the ground up. Although it is the same in theory as WiiWare, emulation tends to be simpler in terms of system interactions (emulator writing is hard and you tend not to play around with other stuff once it is done).

    4 - Official Nintendo Backup Disc 1.31?
    This is what gave us IOS16*, although there may be more; I doubt it though, as it is also a fairly simple app with very limited features.
    *IOS16 was useful only because it still had the Trucha bug, was signed by Nintendo, and Nintendo had not updated it when they had updated all the other IOS versions (whether it was an oversight or a lack of desire to refit their fixing stations is another debate). This allowed us to install it via the "normal" Wii methods (which check signing, at this point checking it properly), but now that Nintendo has put a higher version out there with working signing, it is only useful for those on a pre-4.0 Wii.

    5 - Wii System Menu update disc? (semi-brick rescue disc)
    This is not an official disc (I assume you speak of these: http://hackmii.com/2008/05/semi-brick-fix-discs/ ) and as such needs a homebrew-capable Wii (one with the signing/Trucha bug).

    6 - System Menu 4.0 with SD card access?
    This is the most hopeful, but in reality we have had similar capabilities from some of the earliest menus. Not to mention they are sure to have locked it down somewhat (SD is a widely known and understood spec, and anyone can have full access to the inner depths of the SD card).

    [Edit] 7 - Maintenance Mode?
    This would be the 4-directions-at-once thing (or Y with Starfall); it has been explored a bit from what I have heard, but again it is a simple mode designed to run a very limited selection of software (again signed).

    8 - Wiibrickblocker process? (is it possible to use its patch mode to launch an update or downgrade?)

    Brick blocking comes in 2 forms:
    1) header tweak (this is used by the various channels, brickblocker and modchips to prevent updates).
    2) ripping the update from the disc; naturally this breaks signing and is ultimately no different to the method above as far as this is concerned.

    When the Wii runs it checks for a given section in the header, and if it exists it then checks version numbers; if higher, it triggers the update procedure.
    This disc header is not signed, though, and so we can dupe the Wii into thinking there is no update; this is all it does. Before you ask, the version numbers are included in the signed section of the update, so we can not just change those; homebrew methods rely on several things, but as we would only have the official Nintendo method to install by in the first place......
     
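The update check and the two brick-blocking methods described in the post above, as an added example (not code from this thread, from Wiibrickblocker or from any other tool). The partition-table layout, the 16-byte TMD with a 2-byte version field, the constructed sample disc and the keyed-hash stand-in for Nintendo's RSA signature are all assumptions of the model; the point it shows is the one the post makes: the header the menu scans is unsigned and can be edited freely, while the version number sits inside signed data, so editing it there fails verification.

```python
"""Model of the disc update check and the two brick-blocking methods above.

Constructed illustration with a made-up layout (not the real Wii partition
table or TMD format). What it preserves is the split the post describes: the
partition table the System Menu scans is unsigned and can be edited freely,
while the version number lives inside signed data that cannot be changed
without breaking the signature.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import List, Tuple

GAME, UPDATE = 0, 1  # partition types used in this model (assumption)


@dataclass
class Partition:
    tmd: bytes  # signed metadata; first 2 bytes are the version (assumption)
    sig: bytes  # stand-in for Nintendo's RSA signature over tmd


@dataclass
class Disc:
    partitions: List[Partition]   # data areas on the disc
    table: List[Tuple[int, int]]  # unsigned header: (partition index, type)


def make_tmd(version: int) -> bytes:
    return struct.pack(">H", version) + bytes(14)


def nintendo_sign(tmd: bytes) -> bytes:
    """Stand-in for the RSA signature only Nintendo can produce: a keyed hash
    with an assumed secret. Any change to tmd invalidates it."""
    return hashlib.sha1(b"assumed-secret-signing-key:" + tmd).digest()


def signature_ok(p: Partition) -> bool:
    return hmac.compare_digest(nintendo_sign(p.tmd), p.sig)


def tmd_version(tmd: bytes) -> int:
    return struct.unpack(">H", tmd[:2])[0]


def menu_decision(disc: Disc, installed_version: int) -> str:
    """What the System Menu does with the disc in this model.

    'update' - a listed update partition verifies and carries a higher version
    'boot'   - no update partition is listed, or its version is not higher
    'reject' - a listed update partition fails signature checking (assumption:
               an IOS with working signature checks refuses it)
    """
    for index, ptype in disc.table:
        if ptype != UPDATE:
            continue
        p = disc.partitions[index]
        if not signature_ok(p):
            return "reject"
        if tmd_version(p.tmd) > installed_version:
            return "update"
    return "boot"


def header_tweak(disc: Disc) -> Disc:
    """Method 1: drop the update entry from the unsigned table. The signed
    partition data is untouched, so nothing about it stops verifying."""
    return Disc(disc.partitions, [e for e in disc.table if e[1] != UPDATE])


def rip_update(disc: Disc) -> Disc:
    """Method 2: wipe the update partition's data and drop its table entry.
    The wiped data no longer matches its signature, but the menu never reads
    it, which is why the post calls this no different from method 1."""
    ripped = {i for i, t in disc.table if t == UPDATE}
    parts = [Partition(bytes(len(p.tmd)), p.sig) if i in ripped else p
             for i, p in enumerate(disc.partitions)]
    return Disc(parts, [e for e in disc.table if e[1] != UPDATE])


def edit_version(disc: Disc, new_version: int) -> Disc:
    """What the post says cannot work: rewriting the version field inside the
    signed TMD while leaving the old signature in place."""
    targets = {i for i, t in disc.table if t == UPDATE}
    parts = [Partition(make_tmd(new_version), p.sig) if i in targets else p
             for i, p in enumerate(disc.partitions)]
    return Disc(parts, list(disc.table))


def make_disc(update_version: int) -> Disc:
    """Constructed retail-style disc: one update partition, one game partition."""
    update_tmd, game_tmd = make_tmd(update_version), make_tmd(1)
    return Disc([Partition(update_tmd, nintendo_sign(update_tmd)),
                 Partition(game_tmd, nintendo_sign(game_tmd))],
                [(0, UPDATE), (1, GAME)])


if __name__ == "__main__":
    disc = make_disc(update_version=4)  # constructed disc carrying a "4.0" update
    print("stock disc, console on 3:    ", menu_decision(disc, 3))
    print("stock disc, console on 4:    ", menu_decision(disc, 4))
    print("header tweaked, console on 3:", menu_decision(header_tweak(disc), 3))
    print("update ripped, console on 3: ", menu_decision(rip_update(disc), 3))
    print("version edited to 2:         ", menu_decision(edit_version(disc, 2), 3))
```

The two brick-blocking functions both end in "boot" on an older console because neither touches anything signed; the edited-version case ends in "reject" because the version field is inside the signed TMD and the old signature no longer matches. This is the same reason the post gives for why the patch mode cannot be turned into a downgrade path: without a valid signature there is only the official install route, and that route checks the signature.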
  11. thmailla
    OP

    Newcomer thmailla Member

    Joined:
    Mar 31, 2009
    Messages:
    22
    Country:
    France
    Thanks very much for the information.

    I hope a new hack will come soon to launch the Homebrew Channel or other code, for the possibility of downgrading.
    My Wii is OK but lots of my friends have updated to 4.0 without HBC and have no possibility of benefiting from any hack.
     
